Information security director job description

TransUnion's Job Applicant Privacy Notice

What We'll Bring:
At TransUnion, we have a welcoming and energetic environment that encourages collaboration and innovation. This gives our people the opportunity to hone current skills while building and discovering new capabilities.

TransUnion constantly analyzes market opportunities for growth through investments and acquisitions. To do this successfully requires a robust and mature M&A pipeline process. TransUnion's Information Security team plays a key part in M&A diligence and integration to ensure a clear and thorough understanding of risks associated with potential targets as well as appropriate planning and delivery of protection capabilities to acquired companies.

As an M&A Information Security Director, you will be part of the deal pursuit and integration teams that work across the globe, driving Information Security goals by helping to lead evaluations of investment and acquisition targets and, as applicable, their subsequent integrations.

Come be a part of our team and work with great people and cutting-edge technology.

What You'll Bring:
Security Diligence: Lead evaluating M&A targets' security posture-organizational structure, policies, processes, technical capabilities-based on TransUnion's Information Security playbook and standards. Working with M&A targets' technology and information security leaders, oversee execution of TU-led and 3rd party vendor assessments. Present findings to TransUnion's executive leadership. Ensure quality of deliverables-including diligence briefings, security integration plans and cost models-and their alignment with overall approach for business and technology objectives.Security Integration Planning: Lead development of the security integration hypothesis including merging of organizational structure, processes and security capabilities. Lead planning of security integration programs based on results of M&A diligence and security assessments as well as your knowledge of TransUnion's security posture, technology capabilities, and lessons learned from previous integrations.Integration Cost Model Development: Lead development of security integration cost models and financial forecasts while ensuring that they coincide and align with broader technology integration assumptions and milestones as well as TU's strategic direction for information security capabilities.Security Architecture & Capability Planning: Working in conjunction of other parts of Information Security and technology teams, facilitate development of security architecture plans and designs in accordance with integration objectives to bring acquired companies up to TransUnion's on-premise and cloud security standards.Security Posture Assessment Tooling: Help drive additional maturity and standardization in use of assessment tooling to evaluate acquired companies' security postures, particularly for cloud environments. Facilitate adoption of new tools and processes in the M&A playbook.Collaboration: Closely collaborate across M&A teams and locations. Address issues expeditiously, define alternative solutions as needed, resolve conflict and create lasting, productive partnerships with stakeholders in acquired entities. Help ensure that resources and organizational structure exist to promote collaboration and meeting of integration objectives.Communication: Convey goals and objectives to senior management and project team members in a clear and compelling manner. Actively listen during meetings and be comfortable clarifying ambiguity or technical areas beyond your comfort zone of knowledge. Produce concise presentations and other deliverables on a timely basis. Promote open communication within the project team.Change Management: Recognize the impact culture has on success and, if needed, tailor communication and delivery approach to local M&A teams and stakeholders to achieve outcomes. Effectively position projects and their objectives within the context of acquisition priorities to executives and sponsors. Successfully operate within different organizational cultures and norms to achieve M&A objectives.Additional responsibilities related to M&A Information Security Integration to be considered depending on the background and skillset of a successful candidate.

Impact You'll Make:
Interfacing with executive stakeholders Lead evaluations of investment and acquisition targets and, as applicable, their subsequent integrations.Educate the business and interact with various groups with in TU including, Information Security, Global Technology, and M&A Leadership.

#LI-KJ1

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, veteran status, marital status, citizenship status, sexual orientation, gender identity or any other characteristic protected by law.

TransUnion's Internal Job Title:
Director, InfoSec Governance

• Bachelor's or Master's degree in Computer Science or related field
• At least 7 years of experience in information security with at least 2 years managing a team
• Hands on experience in security systems and tools, including static/dynamic code analysis, firewalls, IDS, WAF, anti-virus software, authentication systems, log management, Zero Trust, Passwordless Authentication, PKI, Kubernetes, Cloud Security Architecture
• Expert level knowledge of:
• • Web application security areas such as Authentication/Authorization, data validation, encryption, logging, SDLC, threat modeling
  • Amazon Web Services (AWS) security services and technologies
  • Web application abuse and fraud
• Experience with security compliance frameworks such as NIST, ISO27001, SOC type 2 or others
• Solid understanding of Networking with physical and cloud technologies
• Problem solving skills and ability to work under pressure
• Self-starter with strong interpersonal, communication, and collaboration skills

Why work at Credible?

We combine the intelligence, expertise and confidence of a financial advisor with the approachability and honesty of a friend. In other words, we're the friend you always wish you had in finance.

We are optimistic, challengers, trustworthy, clever, and smart. We are open and transparent. We strive to act as advisors by being friendly, objective, and open in our communication. We use language that is intelligent yet approachable. When appropriate, we'll drop in a bit of wit to position ourselves as a fresh, reliable voice in the financial world.

Our benefits:
We offer competitive compensation, generous wellness benefits, growth opportunities, team lunches, and a flexible vacation policy. But mainly, you want to work at Credible because you believe in our mission and want to have a major role in delivering on it! We look forward to getting to know you.We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories consistent with applicable law.

HEPCO is seeking a Director of Information Security for a direct-hire role for a New York City Government Agency.

The Agency is currently seeking a candidate with a wide breadth of information security experience, specifically in security operations, architecture, advisory, and management to be their Director of lnformation Security. This candidate will have a strong background in understanding complex distributed systems that interact, receive and exchange data with multiple partner sources and be able to identify, manage, and remediate any risks that can impact the organization. The ideal candidate will have a balanced approach of security and business operations and is able to translate technical risk to business impact.
Primary Responsibilities:

• Partner with key stakeholders in the business to identify, assess, aggregate and document risks and controls, including risks associated with new or modified products, services, distribution channels, regulations and third party operations.
• Present findings to various levels of leadership concerning the status of system risk or failure as a result of installations, upgrades and modification and the cost or impact to business operations.
• Contribute to the implementation of new risk policies, practices, and solutions to ensure holistic understanding and management of risks according to industry best practice.
• Enhance strategies, tools, and methodologies to measure, monitor, and report data risks.
• Support the formulation of stress test plans for a line of business or the enterprise including the evaluation of results, and framing of contingency plans in partnership with key business stakeholders.
• Supervise and guide a team of Senior Security Analysts to optimally perform their duties to secure the operational integrity of the agency from internal and external threats.


Minimum Qualification Requirements:

A baccalaureate degree from an accredited college and four years of satisfactory full-time experience related to projects and policies required by the particular position; or, education and/or experience which is equivalent to above.


Preferred Skills:

• Experience in the performance of analytical, planning, operational and technical review in the movement of information across the network.
• Knowledge of emerging technology and the security governance implications.
• Demonstrated understanding of cyber security risk management concepts, cybersecurity frameworks, control standards, and security technologies.
• Strong background in various flavors of operating systems (Windows, Linux, UNIX) and databases (Oracle, DB2, MySQL, MongoDB).
• Strong understanding of various security solutions (Cisco FirePower, BlueCoat, Rapid7, Palo Alto, Crowdstrike, Imperva, Nessus, McAfee, Tanium, Splunk, Wireshark, etc.)
• Experience with application forensic tools (Veles, DNSpy, IDA, CyberChef, etc.)
• Experience designing, architecting, troubleshooting, and deploying various security technologies while minimizing the business impact that can occur from the implementation of active security technologies.
• Experience managing Information security operations teams.
• Excellent skills with MS products (Project, Word, Excel, PowerPoint, Access and Visio).
• Excellent written and oral communication skills and proven analytical skills.
• Demonstrated ability to develop and maintain project management metrics.
• Flexible and able to conform to shifting priorities.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, marital status, national origin, age, veteran status, disability, or any other protected class.